Adding ArcGIS Sign In Using Omniauth and Rails

We’re all familiar with being able to sign into other applications with our Facebook
or Google account, but what about an ArcGIS Online account? This is possible because
ArcGIS Online uses OAuth 2 as it’s authentication framework. There is limited information on
how this process works, so this post is meant to shed some light into the process.

For this tutorial, we will create a dummy application that will allow users to sign in using their existing
ArcGIS Online credentials. Once signed in, the user will be able to post a message. Pretty simple!

The process assumes you have a working knowledge of Ruby on Rails and a basic understanding of OAuth and authentication
workflows in Rails.

Step 1. Application Setup

We must first create our rails application using the command line rails generator:

Step 4. Wiring Everything Together

So far, we’ve added our message scaffold, created an authenticated user model, and hooked up the
associations for our active directory to work as intended. This was all done with the help
of Rails generators, and the Devise authentication gem. Now, we need to tie all these parts
together for a working application.

When a user visits the site, the home page should show a list of posted messages, which
requires us to set the root route:

# config/routes.rb
...
root 'messages#index'

Next, we need to modify our app to accomodate the security measures created by adding our Devise user
model. First, let’s restrict the ability to create, update, or delete messages unless a user is
signed in:

This limits any unauthenticated user to only access the index and show actions of the messages
controller. Next, we need to modify some of the actions to associate the messages with the current
user. Modify the actions in the messages controller:

Now we have a working application that has built in authentication. Give it a try by running
rails s and testing your app.

Step 5. Sign in With ArcGIS

When we’re signing in now, were doing so by creating a new account. What we want to do, is avoid this by
allowing users to sign in with their existing ArcGIS Online accounts. Devise supports this by adding
OmniAuth. The first step is to add the ArcGIS OmniAuth and support for OAuth2 gem to our Gemfile:

gem 'omniauth-oauth2', '~> 1.3.1'
gem 'omniauth-arcgis', '~> 0.1.1'

Install gems:

bundle install

We need to update the user model to accomodate the ArcGIS Provider and user id:

In order to enable OAuth with ArcGIS Online, you need to register the application
on http://developers.arcgis.com. After you have registered
the application, add your development URL (http://localhost:3000) to the Redirect URI form
under the authentication tab. Notice the Client and Client Secret listed on the page? We will
use these to setup our OmniAuth.

While you could hard code the Cleint ID an Secret into your initializer, I like to use
Figaro to manage the setting of my environment variables.

gem 'figaro', '~> 1.1', '>= 1.1.1'

bundle install
bundle exec figaro install

This adds a new file config/application.yml and adds it to our .gitignore file. Add your Client ID
and Secret here:

arcgis_client_id: 'xxxxx'
arcgis_client_secret: 'xxxxx'

This will allow us to access ENV[‘arcgis_client_id’] from anywhere in our application.